Deployment Guide
8 Configuration Guide
security.authorization.method.IAdministrat
iveService.findLdapGroups
SystemAdmin,SecAdmin Roles required to find LDAP groups.
security.authorization.method.IAdministrat
iveService.findLdapUsers
SystemAdmin,SecAdmin Roles required to find LDAP users.
security.authorization.method.IAdministrat
iveService.addUsers
SystemAdmin,SecAdmin Roles required to add users.
security.authorization.method.IAdministrat
iveService.addLicense
SystemAdmin Role required to add enterprise licenses.
security.authorization.method.IAdministrat
iveService.getLicense
SystemAdmin Role required to view the enterprise license.
security.authorization.method.IDeviceMan
ager.recoverDevice
HelpDeskAdmin,SecAdmin Roles required to recover a device.
security.authorization.method.IDeviceMan
ager.isUserSuspended
HelpDeskAdmin,SecAdmin Roles required to suspend users.
security.authorization.method.DeviceMana
gerService.proxyActivate
SecAdmin Roles required to activate devices by proxy.
security.authorization.method.DeviceMana
gerService.proxiedDeviceManualAuth
HelpDeskAdmin,SecAdmin Roles required to manually recover a device
by proxy.
security.authorization.method.IFileManage
r.getGatekeeperResource
SystemAdmin Role required to retrieve the Gatekeeper
resource file.
security.authorization.method.IFileManage
r.approveGatekeeperResource
SystemAdmin Role required to approve the Gatekeeper
resource file.
security.authorization.method.IFileManage
r.approveGatekeeperConfig
SystemAdmin Roles required to approve Gatekeeper
configuration.
policy.arbiter.security.mode most-restrictive This property controls how the policy
mapping algorithm works for policy
elements that have a security bias when the
policy has multiple parent nodes.
Values:
Least-restrictive - the least restrictive
element value from the parents is used
Most-restrictive - the most restrictive
element value from all parents is used
policy.set.synchronization.sync-unmodified true This flag indicates that the next external
synchronization should add or remap all
policy elements without setting the
modified flag to true. This flag is toggled to
false after every synchronization, so it must
be reset if the security admin wants to add
without modifications. This is an advanced
option.
db.schema.version.major Major database schema.
db.schema.version.minor Minor database schema.
server_config.xml
Parameter Default Description